Here is the second part in a series of strong suggestions that will help your enterprise fight targeted attacks and campaigns. This Security in Context paper discusses how you can protect sensitive information from threat actors by classifying data, establishing endpoint-to-cloud protection, and building a data protection infrastructure.
This is the first in a series of strong suggestions that will help your enterprise fight targeted attacks and campaigns. This paper outlines how a properly configured network can help effectively detect, block, and prepare for malicious access inside a network. More specifically, this can guide IT managers with network segmentation, user account and workstation setup, and logging.
Businesses today are set on multidevice, cross-platform IT environments. Despite the issues that come with the bring-your-own-device (BYOD) trend and the consumerization of IT, these trends accelerate employee productivity, allow remote access to corporate data, and improve worker flexibility.
Trend Micro monitors the targeted attack landscape in order to identify ongoing campaigns and provide additional threat intelligence useful for identifying the existence of these campaigns in an enterprise network. This quarterly report presents the targeted attack campaigns observed and mitigated by Trend Micro based on reported customer cases, as well as our own independently gathered data.
Advanced persistent threats (APTs) refer to a category of high-risk threats that pertain to computer intrusions by threat actors that aggressively pursue and compromise chosen target institutions or enterprises. Data exfiltration is the main goal of APTs. APTs strive to remain undetected in the network in order to gain access to the company's crown jewels or valuable data. These valuable data include intellectual property, trade secrets, and customer information. In addition, threat actors may also seek other sensitive data such as top-secret documents from government or military institutions.
Employees have adopted the use of consumer applications in the enterprise environment for both business operations and personal purposes. Osterman Research reveals that these applications are meant to improve employees’ productivity and bring increased revenue to the company. However, instant messaging applications, blogging platforms, and social networking sites can bring certain security risks to confidential company data.
Enterprises transform IT structures to include virtualization and cloud computing because they reduce company costs and optimize resource utilization. Adopting these new platforms, however, opens new windows of exposure that attackers may leverage in data breach attacks.
The patch management issues listed in this cloud security primer continue to weaken enterprise security. In a 2012 security survey, over half of respondents perceived their patch management's success as only "fair" or "minimal."

This security challenge is further compounded by the increasing volume of significant attacks on organizations. In the first quarter of 2013, multiple zero-day exploits plagued widely used applications such as Java, Internet Explorer, Adobe Reader, Acrobat, and Flash Player.

To mitigate patching issues and prevent potential high-impact attacks, organizations must deploy security solutions with an effective virtual patching feature. It is therefore essential to understand how virtual patching works.
Enterprises consider advanced persistent threats (APTs) to be high-priority threats due to the risks they pose to confidential data. The impact of APT campaigns on an organization or business includes data or intellectual property theft, damage to business reputation or image, and/or sabotage.

While lateral movement is arduous to detect, related activities can be detected via monitoring tools and a strong defense-in-depth strategy. Enterprises need to build external and local threat intelligence, which can help determine indicators and APT-related activities.

IT administrators must also know what their network infrastructure looks like at baseline, which can be used as a point of comparison to help identify whether the organization has been compromised. The presence of tools that have the same function as the tools discussed above should also trigger an investigation into how they are being used in the network. Moreover, a centralized record of everyone who logs in to a system is a reliable way to detect unauthorized access.
Enterprises have long used a variety of computing methods to efficiently store and share files. These include sending email, sharing files over instant-messaging applications, and using removable drives to store data.

However, more accessible forms of file storage, sharing, and synchronization meant for the consumer market have found their way into the enterprise. This practice is part of a trend known as the consumerization of enterprise information technology (IT).
According to a Trend Micro-sponsored Enterprise Strategy Group (ESG) study, nearly 40% of large organizations invested in new security defenses to respond to APTs. However, enterprise efforts in curbing these high-priority threats are still insufficient as security researchers continue to find successful APT campaigns inside corporate networks.

APTs are a category of threat that refers to computer intrusions by threat actors that aggressively pursue and compromise specific targets. Threat actors use social engineering and malware to enter a network, after which they move laterally throughout the network to extract sensitive information.
Cybercriminals and other threat actors have seen the benefits of using email to get into target networks. Its ubiquity in offices, whether physical or virtual, has made it an efficient way to launch attacks.

In the face of consumerization and the rise of numerous mobile platforms, OSs, and handheld devices, enterprises need to adopt a multilayered and proactive strategy to protect their classified, proprietary information and business-critical assets.

In the age of mobility and targeted attacks, enterprises need to consider all aspects of email communication, from malicious attachments to malicious URLs, in order to reduce risk.
Hardware and operational cost savings drove the acceptance and adoption of server virtualization initiatives. Many enterprises are thus considering extending the benefits of virtualization to their endpoint infrastructure as well. Based on a recent Trend Micro survey, 71% of the respondents who used virtual servers also had virtual desktop infrastructure (VDI) in the production or pilot stage.

Virtualizing desktops allows IT administrators to realize some important efficiency gains. These benefits include easier and faster resource provisioning, centralized maintenance, and streamlined support for a varied range of endpoint types and user profiles.
In an ideal world, security patches are applied to all endpoints and servers the moment vendors release them. But IT teams are also in charge of supporting the day-to-day operations of businesses. To install permanent patches, quality tests need to be run and sometimes mission-critical servers need to go offline for a reboot.

IT administrators are seeing the value of virtual patching. As a strategy, virtual patching ensures that business operational goals are met without compromising security. Various studies support this finding.
The emergence of web applications, social media, and consumerization in the enterprise space has improved business communication in recent years. Email, however, remains the primary medium for exchanging crucial business information. Corporate email comprises most of the global email traffic today. According to a study, business emails are projected to reach over 143 billion by the end of 2016.

Examining potential initial points of entry for targeted attacks and applying appropriate safeguards give enterprises an advantage in defending their networks from attacks that aim to put mission-critical, sensitive, and confidential information into attackers' hands. In the end, this is the scenario enterprises should prevent.
Enterprises develop web applications to leverage the convenience offered by Internet technologies and meet customer demand. Web applications can be as simple as applications that facilitate customer contact or as complex as those that facilitate online auctions, medical record keeping, banking, and such.

These applications process data and store results in a back-end database server where business-relevant data such as customer information sits. Web applications, depending on their specific purpose, regularly interact with customers, partners, and employees. Unfortunately, dependencies and interactions between in-house and third-party resources, objects, and inputs inevitably introduce security holes.
Enterprises have adopted virtual desktop infrastructure (VDI) due to benefits such as increasing overall utilization, reducing management costs, and enhancing security. Trend Micro surveyed enterprises worldwide in 2011 and found that the average VDI adoption rate was around 52 percent.

VDI also supports consumerization and bring-your-own-device (BYOD) strategies, as endpoint users can access applications and data on their desktops using any mobile device, resulting in better productivity.

The pressure from line-of-business (LOB) managers for IT departments to immediately deploy VDI forces the latter to treat security as a second priority. A study reported that cultural resistance among IT organizations, increased bandwidth requirements, and inability to work offline were some of the challenges related to VDI deployment. When push comes to shove, however, IT groups respond to the pressure by extending traditional security to virtual environments instead of evaluating security specifically designed for VDI to address the security and infrastructure needs of a virtual environment.
Enterprises cite security as their number 1 concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand to use employee-owned devices for work is forcing security to compete with other equally important activities.

The scenarios that make security less of a priority have dire implications. For instance, IT groups may have a bare-bones antivirus solution installed on mobile devices but neglect to brief employees about social engineering or corporate information sharing. In this example, employees may click a socially engineered link in their smartphone browsers that their organization's antivirus solution may not be able to catch.
Advanced persistent threats (APTs) refer to a category of threats that pertain to computer intrusions by threat actors that aggressively pursue and compromise chosen targets. APTs are often conducted in campaigns (a series of failed and successful attempts over time to get deeper and deeper into a target's network) and are thus not isolated incidents. In addition, while malware is typically used as an attack tool, the real threat is the involvement of human operators who adapt, adjust, and improve their methods based on the victim's defenses.

Standard perimeter and endpoint security technologies are essential to prevent most attacks and, at their best, may detect or block certain aspects of an APT or a targeted attack. The key factors behind the effectiveness of these products are the provider's ability to source new threat information and the "time to protect," that is, how quickly new threat information is made available to the products deployed.
While several factors can be cited for the consistent strong growth of consumer smartphone and other mobile device usage in recent years, the reduced cost of device ownership is the primary one. This, along with other factors, led to a significant increase in the smartphone penetration rate, as a recent Google-sponsored Ipsos study reported growth in all five countries surveyed.

The increased use of personally owned smartphones at and for work has also been causing problems for IT administrators because, unlike company-issued devices, these do not come with device management features enabled. Consumerization is now being pursued in an attempt to increase productivity and reduce costs. As a result, compliance with previously existing IT policies may not always be a top priority.

Though typical mobile device management (MDM) solutions offer remote wipe or lock options, enterprises should seek solutions that also aid in threat prevention and data protection. MDM solutions such as Enterprise Mobile Security would have the ability to minimize incidents of data loss or leakage.

Installing data protection solutions in critical systems, along with MDM solution use, is also a sound measure to minimize risks associated with data loss or leakage. Should users lose improperly secured mobile devices that have access to or contain sensitive information, data protection solutions installed on internal networks and systems that provide authentication, audit, and access control capabilities can continue to safeguard an organization's main data storage.
Vulnerability shielding, also called virtual patching, is a security or patch management strategy that can protect OSs, applications, and endpoints from attacks leveraging software vulnerabilities. Vulnerability shielding works on the premise that exploits take a specific or definable network path to and from an application in order to use a vulnerability. It is, therefore, possible to manipulate the network layer through rules to control the communications being made to the targeted software.